Phishing—Don’t Take the Bait!
 
“Phishing” is cybergeek for “fishing.” You bait the hook and see who will bite. It works like this: You get an e-mail that appears to come from your bank, your credit card company, eBay, PayPal, your ISP, or another concern with which you have done business. The e-mail tells you that you need to update your personal information for the company’s records, and it provides a web link for you to go to and enter that information. You go to the link. It’s authentic looking. The phisherman has copied logos and wording from your bank’s web site and has provided a convenient form for you to complete. It asks for your name, address, phone number, account number, PIN, credit card number, password, and Social Security number. You enter the information and click the “Submit” button. Congratulations! You are now a victim of identity theft. That e-mail was phony; it didn’t come from your bank, and your information is now in the hands of a person who will either use it himself for a nice shopping spree or sell it to someone else. The perpetrator may be in the U.S., or more likely in Central or Eastern Europe. The nation of Kyrgyzstan, which you have probably never heard of and couldn’t find on a map to save your life, is a hotbed of phishing scams. The perpetrator is unlikely to be caught, but see below.

Protecting Yourself is Very Easy
Protecting yourself from phishing is the easiest thing in the world. To protect yourself, you only need to know one simple fact:
Your Financial Institution will Never send you an e-mail asking for this information.
Never, ever respond to an e-mail such as that described above. If you have any question as to the meaning of the word “Never,” please consult a good dictionary. Don’t click the link, don’t reply, and don’t phone any number printed in the e-mail; if you feel you must check, call the number on the back of your card or on your statement, and you will be told what you already know: the e-mail is not legitimate, because Your Financial Institution will Never send you an e-mail asking for this information. I cannot over-emphasize this: if you have any question as to the meaning of the word “Never,” please consult a good dictionary.

Friday, May 21, 2004 — Zachary Keith Hill, 20, was sentenced Tuesday to 46 months in prison after pleading guilty to defrauding America Online Inc. (AOL) and PayPal customers with a sophisticated online phishing con, the U.S. Department of Justice said.

Hill admitted he fraudulently obtained credit card and bank account numbers and defrauded consumers of US$50,000 in two phishing scams. The customers were fooled into providing the information after receiving e-mail messages from Hill containing links to Web pages that harvested personal information. The e-mail looked like official correspondence from the companies.

Such scams proliferate because online criminals, including organized crime groups, enjoy relatively high success rates from phishing crimes, which rarely result in arrest, said Avivah Litan, vice president and research director at Gartner Inc., which recently published a report on phishing.


Most e-mail spam gets only about a half of one per cent response rate, even when the product the spammer is selling is legitimate, which it sometimes is. Phishing, however, gets about a 3 per cent response rate. That means that 3 per cent of the people who receive these e-mails do not know what you now know: that Your Financial Institution will Never send you an e-mail asking for this information.

Looks pretty real, huh? The “Citigroup Privacy Promise” is a link to an actual Citigroup web page. Likewise the “Terms and Conditions” link. (Grammar nuts will note the misplaced comma after “know,” plus a number of other errors; it doesn’t take a genius to come up with a pretty good phishing scam. Also note the Cyrillic (Russian) character that appears where the copyright symbol © should be: the author of this scam was probably using a Windows® machine set to a language that uses the Cyrillic alphabet and didn’t know how to type special characters on it.) It’s the “click here to access...” link that takes you to the identity theft page; the legitimate links are there only to make the message look real. But even if this e-mail had been visually and grammatically perfect, you wouldn’t click that link, because you now know with absolute certainty that this e-mail is an example of phishing, because you now know that Your Financial Institution will Never send you an e-mail asking for this information, and that you should Never respond to such an e-mail.
By now you have also consulted a good dictionary to confirm your understanding of the word “never.”

Here’s another one. By coincidence, this one came in my e-mail as I was preparing this web page. This one isn’t very fancy, and probably made the perpetrator only a few thousand dollars. Again note the improper punctuation. I tried to follow the link to get a screen capture of his data theft form, but the link was no longer working. By now he’s got a new link and a new series of e-mails going around. One would hope that even someone who hadn’t seen the warning on this web page would find it odd that an e-mail claiming to come from usbank.com links to the bare IP address 203.131.68.250 rather than to a hostname under usbank.com. A real bank’s link points at the bank’s own domain; a raw IP address in the link is a sure sign that someone else’s machine is on the other end.

Sometimes it’s possible to identify who is responsible for the address in such an e-mail. I decided to try to identify this guy, so in Mac OS X I opened the Terminal application (while on-line) and typed “whois 203.131.68.250”. Here is the relevant part of my Terminal (also known as the Shell, or the Unix command line) session:

[iMac:~] owner% whois 203.131.68.250

inetnum: 203.131.68.248 - 203.131.68.255
netname: NETSOLIC-PH
descr: Network Solutions Interfaces Corporation
descr: U301 Aguirre Bldg 812 A Arnaiz Ave Makati
country: PH
admin-c: RB82-AP
tech-c: RB82-AP
mnt-by: MAINT-PH-INFOCOM
changed: framirez@info.com.ph 20011002
status: ASSIGNED NON-PORTABLE
source: APNIC
changed: hm-changed@apnic.net 20020827

person: Ric Barasi
address: U301 Aguirre Bldg 812 A Arnaiz Ave Makati
country: PH
phone: +63-2-817-4157
fax-no: +63-2-892-4820
e-mail: rbarasi@nsi.com.ph

So, according to the APNIC registry, the block of IP addresses from 203.131.68.248 to 203.131.68.255 is assigned to Network Solutions Interfaces Corporation, and its contact is a Mr. Ric Barasi, whose office is in the upscale Manila suburb of Makati, Republic of the Philippines. Bear in mind what a whois record does and does not tell you: it identifies the registered holder of the address block, not necessarily the person operating the computer at that address. Either Mr. Barasi’s company is running this scam, or a machine on its network has been hijacked by someone else who is using it without Mr. Barasi’s knowledge, which is at least as likely. We will pursue this no further, but if you wish to phone, fax, or e-mail Mr. Barasi, the necessary information is publicly available, as shown above. Please note that I did not resort to trickery or “hacking” or other questionable means to obtain the above information; a “whois” search is the standard method of learning who is the registered holder of an Internet domain or IP address.
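The two checks described above, looking for links whose host is a bare IP address or is not under the bank’s own domain, and reading the key fields out of a whois record, can be done by a short program. The following is an added example written for this page and is not the page author’s or any bank’s code. The e-mail body is a constructed sample modelled on the U.S. Bank message described above (the file names and query string in it are made up); the whois excerpt is copied from the record shown above. The function and variable names are the example’s own.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modelled on the e-mail described above: the visible text
# names usbank.com, but the link itself goes to a bare IP address.
SAMPLE_EMAIL_HTML = """
<html><body>
<p>Dear U.S. Bank customer , we need you to verify your account.</p>
<p><a href="http://203.131.68.250/usbank/verify.php?id=771">
   https://www.usbank.com/secure/verify</a></p>
<p><a href="https://www.usbank.com/privacy">Privacy Pledge</a></p>
</body></html>
"""

CLAIMED_DOMAIN = "usbank.com"   # the domain the e-mail claims to come from


class LinkCollector(HTMLParser):
    """Collects (href, visible anchor text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Hostname part of a URL, lower-cased; empty string if there is none."""
    return (urlsplit(url).hostname or "").lower()


def is_bare_ip(host):
    """True if the host is a literal IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def under_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def suspicious_links(html, claimed_domain):
    """Return (href, reason) pairs for every link a reader should not follow."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = host_of(href)
        if not host:
            findings.append((href, "link has no hostname"))
        elif is_bare_ip(host):
            findings.append((href, "link host is a bare IP address"))
        elif not under_domain(host, claimed_domain):
            findings.append((href, f"link host {host} is not under {claimed_domain}"))
        # Visible text that looks like a URL but points somewhere else.
        shown = host_of(text) if text.startswith(("http://", "https://")) else ""
        if shown and shown != host:
            findings.append((href, f"anchor text shows {shown} but link goes to {host}"))
    return findings


# Fields worth pulling out of a registry record; repeated keys (descr) keep every value.
WHOIS_KEYS = ("inetnum", "netname", "descr", "country", "e-mail", "phone")


def parse_whois(text):
    """Collect the 'key: value' lines of a whois record into a dict of lists."""
    record = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([a-z-]+):\s*(.+?)\s*$", line)
        if m and m.group(1) in WHOIS_KEYS:
            record.setdefault(m.group(1), []).append(m.group(2))
    return record


# Copied from the APNIC record shown above.
SAMPLE_WHOIS = """
inetnum: 203.131.68.248 - 203.131.68.255
netname: NETSOLIC-PH
descr: Network Solutions Interfaces Corporation
descr: U301 Aguirre Bldg 812 A Arnaiz Ave Makati
country: PH
e-mail: rbarasi@nsi.com.ph
"""

if __name__ == "__main__":
    for href, reason in suspicious_links(SAMPLE_EMAIL_HTML, CLAIMED_DOMAIN):
        print(f"DO NOT FOLLOW {href}: {reason}")
    print(parse_whois(SAMPLE_WHOIS))
```

Run against the sample, the “verify” link is flagged twice (bare IP host, and anchor text that names www.usbank.com while the link goes elsewhere), while the genuine privacy link passes; the whois parser returns the registry fields, which is what you would need to contact the block holder, not proof of who is operating the machine.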

